Greetings,
I work for a state agency and our IT department is determining if we can continue to use 3rd party packages. Does the group know what security measures are taken by Autodesk(?) (if any) to vet these packages for malicious intent? Who/What hosts the 3rd party packages available for download? Thank you for your time!
Autodesk hosts them on an AWS server.
Content is also scanned for viruses as noted here.To my knowledge the only items found to date have been non-functional code which was purposely uploaded to validate the scanning service.
However as with any aspect of infosec, it is on the end users to keep safe. Likely the best bet for a conservative approach is to centrally manage and distribute packages to end users for local execution via GPL, robocopy, or other tools.
an anti-virus scans for new packages has been introduced since Dynamo 2.16